A Denial of Service (DoS) attack is an attempt to make a system unavailable to the intended user(s), such as preventing access to a website. A successful DoS attack consumes all available network or system resources, usually resulting in a slowdown or server crash. Whenever multiple sources are coordinating in the DoS attack, it becomes […]
SQL injection was one of the primary attack vectors responsible for many of 2011’s high profile compromises including Sony Pictures, HBGary, and PBS. It was also responsible for the more recent Adobe data breach in which names, email addresses, and password hashes were stolen from one of their customer databases. SQL injection is a dangerous […]
On affected systems, meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer. We show that the KAISER defense mechanism for KASLR has the important (but inadvertent) side effect of impeding meltdown. […]
Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from […]
Ransomware continues to make organizations suffer, as evidenced by the persistence of Cerber and outbreaks of WannaCry and Petya (also known as NotPetya, since it was a variant of the original but with new behaviors). Looking at the raw numbers, WannaCry bested Cerber as the most prolific ransomware family, remaining active since its initial outbreak […]
Ninety percent of organizations feel vulnerable to insider attacks. The main enabling risk factors include too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%). The resulting Insider Threat Report is the most comprehensive research on the topic […]
The data in this report provides insights on online threats in websites that were detected by Quttera automated tools and analysed by the malware research team. Read more about “Quttera Annual Website Report 2016” which can be downloaded via the TTCSIRT Website at https://ttcsirt.gov.tt/documents/website2016.pdf
Telstra Cyber Security Report 2017 provides insights into the current cyber security landscape to arm organisations with information on how to manage and mitigate their business risks. Read more about “Telstra Cyber Security Report 2017” which can be downloaded via the TTCSIRT Website at https://ttcsirt.gov.tt/documents/telstra2017.pdf
As society becomes more connected and technology more ubiquitous, securing the systems, networks and data on which we rely becomes increasingly important – for individual safety, economic security, and national defense. Digital attacks can now affect critical infrastructure, turn smartphones into monitoring devices, and put the safety of healthcare patients at risk. Read more about […]
The spread of new technologies and data analytics, the digitisation of business and increased digital links between organisations and their employees, is expected to escalate tomorrow’s cyber risk as those behind cyberattacks become more sophisticated in their execution and their endeavours are not diminishing. The solution demands a resilient IT security strategy that includes a […]
